crypt_wipe_device was called incorrectly on metadata device even
though integrity header is always on data device from cryptsetup
pov. During LUKS2 crypt_format with detached header scenario we
would wiped first 8 sectors of metadata device instead of data
device.
Currently, AC_ARG_[ENABLE|WITH] are used in multiple different ways.
This change makes all their uses the same by following the style of
the GNU manual:
- AC_ARG_ENABLE(foo) should only define $enable_foo
- Use the 2 argument form with a --enable_foo flag
- Use the 4 argument form with a --disable_foo flag
- Format all uses the same way
- Always compare using: test "x$enable_foo" = "xyes"
This makes the easier to debug, more readable, and shorter.
This formatting fix also revealed a bug (fix submitted seperately).
Bzip2 is sometimesmissing and we use xz already.
Seems xz produces slightly larger archives (despite the best mode)
but it is not worth to keep bz2 here.
When LUKS2 crypt_format() is called with detached header and custom data
alignment is requested, keyslots area is miscalculated. This mistake
is correctly detected by LUKS2 validation code but it's feature
regression with regard to LUKSv1 format.
Also rename all 'length' variable to 'size' since json
field is named size.
Make segment validation two step process. First
validate general segment object is valid and later
validate specific segment type has all necessary fields.
Without this patch older libraries won't be able to print out
(luksDump) basic information about devices created with newer
libraries.
If any segment has missing 'offset' field keyslots validation
routine could trigger segfault due to misuse of function that
expects valid 'segments' object.
Fix it by reordering validation routines.
Stdout is not printed in initrd unless user invokes debug mode.
It's inconvenient to have users waiting for reencryption to
finish with no input at all.
Move all messages to cryptsetup tools and print these
verbose messages:
- Key slot X unlocked.
- Key slot X created.
- Key slot X removed.
and
- Token X created.
- Token X removed.
Also print error, if unknown token is tried to be removed.
